Re: Other possible cfengine weak areas?

From:

Mark . Burgess

Subject:

Re: Other possible cfengine weak areas?

Date:

Mon, 2 Feb 2004 17:04:43 +0100 (MET)

Why not add it to the FAQomatic so that others will have the pleasure?
M
On 2 Feb, Jamie Wilkinson wrote:
> This one time, at band camp, Tim Nelson wrote:
>>On Fri, 23 Jan 2004 address@hidden wrote:
>>
>>> You are right -- the code to change the IP address was removed some time
>>> ago. I had forgotten. It happened when the various Unix kernels started
>>> to diverge and the "standard" way of doing this evaporated.
>>>
>>> We should rewrite this part of cfengine to palm this off the
>>> ifconfig/ipconfig. That means we need to compile a list of
>>> ifconfig syntaxes for different systems. We could then deal with
>>> ipv6 at the same time.
>>
>> Ok. Hmm. I guess the only thing is, the "proper" way to eg.
>>create virtual interfaces on a Redhat box is to create a file called eg.
>>/etc/sysconfig/network-scripts/ifcfg-eth0-range0 and add the appropriate
>>contents, and then restart the network service. Is there some way to also
>>incorporate this idea?
>
> So I have this hideous editfiles thing that does this:
>
> { /etc/sysconfig/network-scripts/ifcfg-eth0:00
> # don't confuse ifupdown with backup files
> Backup 'off'
> AutoCreate
> BeginGroupIfNoLineMatching '^DEVICE=.*'
> Append 'DEVICE='
> EndGroup
> ResetSearch 1
> LocateLineMatching '^DEVICE=.*'
> BeginGroupIfNoMatch '^DEVICE=eth0:00'
> ReplaceLineWith 'DEVICE=eth0:00'
> EndGroup
> ResetSearch 1
> ... repeat that for each of BOOTPROTO, ONBOOT, IPADDR, NETMASK...
>
> DefineClasses eth0_restart
> }
>
> and later in shellcommands:
>
> eth0_restart:
>
> "/sbin/ifdown eth0" useshell=false
> "/sbin/ifup eth0" useshell=false
>
>
> Now that sucked a lot, especially for one of our hosts that has about 30
> aliases interfaces, and there's 30 hosts in total with at least 2
> interfaces each and an additional aliased interface; our cf.interfaces
> was the most hideous and suckful file.
>
> I've since built some M4 macros to autogenerate the file, so now I'm
> more confident that I'm not introducing errors into the file and
> potentially rolling out a configuration that'll prevent a machine from
> coming back up after its interfaces are downed. There's still a risk
> but now I can easily cross check the file against our list of assigned
> IPs, and the errors are restricted to typos in the IPs themselves and
> not the editfiles scripts.
>
> I was going to announce my M4 stuff once it was better, but now's a good
> a time as any, so I'll attach it now.
>
> I have a Makefile with the following rule in it to generate the
> cfinputs:
>
> %.cf: %.cf.in
> m4 -I m4 autocf.m4 $< > $@
>
> all the inputs themselves are named like 'ssh.cf.in'.
>
> Hopefully someone might find this useful.
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: address@hidden
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~